GnuTLS NEWS -- History of user-visible changes. -*- outline -*-
Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005,
2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
See the end for copying conditions.
* Version 2.10.5 (released 2011-02-28)
** libgnutls: Corrected verification of finished messages.
** libgnutls: Corrected signature generation and verification
in the Certificate Verify message when in TLS 1.2. Reported
** pkg-config gnutls.pc improvements.
The file uses 'Requires.private' for libtasn1 and libz when needed,
instead of Libs.private. From Andreas Metzler.
** API and ABI modifications:
No changes since last version.
* Version 2.10.4 (released 2010-12-06)
** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas Mraz.
** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures.
This makes us comply with RFC 3279. Reported by Michael Rommel.
** libgnutls: Reverted default behavior for verification and
introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default
V1 trusted CAs are allowed, unless the new flag is specified.
** minitasn1: Updated to Libtasn1 2.9.
** API and ABI modifications:
No changes since last version.
* Version 2.10.3 (released 2010-11-19)
** libgnutls: Correctly add leading zero to PKCS #8 encoded DSA key.
Reported by Jeffrey Walton.
** libgnutls: Corrected memory leak in extension data calculation.
Reported by Mike Blumenkrantz.
** libgnutls: Remove trailing comma in enums in gnutls.h and x509.h.
** API and ABI modifications:
No changes since last version.
* Version 2.10.2 (released 2010-09-30)
** Use Libtool 2.2.10 to ease MinGW64 builds.
** libgnutls: Add new extended key usage ipsecIKE.
** libgnutls: Is now more liberal in PEM decoding.
That is, spaces and tabs are now skipped.
** libgnutls: Renamed NULL MAC to MAC-NULL to prevent clash with NULL cipher.
The clash prevented use of the TLS ciphersuites with the NULL cipher.
See <http://thread.gmane.org/gmane.network.gnutls.general/2093>.
** libgnutls: The %COMPAT flag now allows larger records that violate the
** libgnutls: Fix asynchronous API handling.
The code was clearing session hash data on EAGAIN. Problem reported
by Sjoerd Simons <sjoerd.simons@collabora.co.uk> and Vivek
Dasmohapatra <vivek@collabora.co.uk>. See
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4531>.
** gnutls-cli: Flush stdout/stderr before removing buffering.
Reported by Knut Anders Hatlen; see
<http://savannah.gnu.org/support/?107481>.
** API and ABI modifications:
No changes since last version.
* Version 2.10.1 (released 2010-07-25)
** libgnutls: Added support for broken certificates that indicate RSA
** gnutls-cli: Allow verification using V1 CAs.
** libgnutls: gnutls_x509_privkey_import() will fall back to
gnutls_x509_privkey_import_pkcs8() without a password, if it
is unable to decode the key.
** libgnutls: Correctly deinitialize crypto API functions to prevent
a memory leak. Reported by Mads Kiilerich.
** certtool: If asked to generate DSA keys larger than 1024 bits,
issue a warning that the output key might not work everywhere.
** certtool: The --pkcs-cipher option is taken into account when generating a
private key. The default cipher used now is aes-128. The old behavior
can be simulated by specifying "--pkcs-cipher 3des-pkcs12".
** API and ABI modifications:
No changes since last version.
* Version 2.10.0 (released 2010-06-25)
** API and ABI modifications:
No changes since last version.
* Version 2.9.12 (released 2010-06-17)
** gnutls-cli: Make --starttls work again.
Problem introduced in patch to use read() instead of fgets() committed
** API and ABI modifications:
No changes since last version.
* Version 2.9.11 (released 2010-06-07)
** libgnutls: Removed two APIs related to safe renegotiation.
Use priority strings instead. The APIs were
gnutls_safe_negotiation_set_initial and gnutls_safe_renegotiation_set.
(Remember that we don't promise ABI stability during development
series, so this doesn't cause a shared library ABI increment.)
** tests: More self testing of safe renegotiation extension.
See tests/safe-renegotiation/README for more information.
** doc: a PDF version of the API reference manual (GTK-DOC) is now built.
** doc: Terms 'GNUTLS' and 'GNU TLS' were changed to 'GnuTLS' for consistency.
** API and ABI modifications:
gnutls_safe_negotiation_set_initial: REMOVED.
gnutls_safe_renegotiation_set: REMOVED.
* Version 2.9.10 (released 2010-04-22)
** libgnutls: Time verification extended to trusted certificate list.
Unless new constant GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS flag is
** certtool: Display postalCode and Name X.509 DN attributes correctly.
Based on patch by Pavan Konjarla. Adds new constants
GNUTLS_OID_X520_POSTALCODE and GNUTLS_OID_X520_NAME.
** libgnutls: Added Steve Dispensa's patch for safe renegotiation (RFC 5746).
Solves the issue discussed in:
<http://www.ietf.org/mail-archive/web/tls/current/msg03928.html> and
<http://www.ietf.org/mail-archive/web/tls/current/msg03948.html>.
Note that, to allow connecting to unpatched servers, the full protection
is only enabled if the priority string %SAFE_RENEGOTIATION is
specified. You can check whether protection is in place by querying
gnutls_safe_renegotiation_status(). New error codes
GNUTLS_E_SAFE_RENEGOTIATION_FAILED and
GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED added.
** libgnutls: When checking openpgp self signature also check the signatures
Ilari Liusvaara noticed and reported the issue and provided test
** libgnutls: Added cryptodev support (/dev/crypto).
Tested with http://www.logix.cz/michal/devel/cryptodev/. Added
benchmark utility for AES. Adds new error codes
GNUTLS_E_CRYPTODEV_IOCTL_ERROR and GNUTLS_E_CRYPTODEV_DEVICE_ERROR.
** libgnutls: Exported API to access encryption and hash algorithms.
The new API functions are gnutls_cipher_decrypt, gnutls_cipher_deinit,
gnutls_cipher_encrypt, gnutls_cipher_get_block_size,
gnutls_cipher_init, gnutls_hash, gnutls_hash_deinit, gnutls_hash_fast,
gnutls_hash_get_len, gnutls_hash_init, gnutls_hash_output,
gnutls_hmac, gnutls_hmac_deinit, gnutls_hmac_fast,
gnutls_hmac_get_len, gnutls_hmac_init, gnutls_hmac_output. New API
constants are GNUTLS_MAC_SHA224 and GNUTLS_DIG_SHA224.
** libgnutls: Added gnutls_certificate_set_verify_function() to allow
verification of the certificate upon receipt rather than waiting until the
end of the handshake.
** libgnutls: Don't send alerts during handshake.
Instead, the new error code GNUTLS_E_UNKNOWN_SRP_USERNAME is added.
** certtool: Corrected two issues that affected certificate request generation.
(1) Null padding is added on integers (found thanks to Wilankar Trupti),
(2) In the optional SignatureAlgorithm parameters field for DSA keys, the DSA
parameters were added. Those were rejected by Verisign. GnuTLS no longer adds
those parameters there, since other implementations don't either, and having
them does not seem to offer anything (anyway you need the signer's certificate
to verify, so the public key will be available). Found thanks to Boyan Kasarov.
This, however, has the side effect that public key IDs shown by certtool are
now different from those of previous GnuTLS releases.
(3) The option --pgp-certificate-info will verify self signatures.
** certtool: Allow exporting certificate requests in DER format.
** certtool: New option --no-crq-extensions to avoid extensions in CSRs.
** gnutls-cli: Handle reading binary data from server.
Reported by and tiny patch from Vitaly Mayatskikh
<v.mayatskih@gmail.com> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4096>.
** minitasn1: Upgraded to libtasn1 version 2.6.
** i18n: Updated Czech, Dutch, French, Polish, and Swedish translations.
** i18n: Added Italian and Simplified Chinese translations.
Thanks to Petr Pisar, Erwin Poeze, Nicolas Provost, Jakub Bogusz,
Daniel Nylander, Sergio Zanchetta, Tao Wei, and Aron Xu.
** doc: The GTK-DOC manual is significantly improved.
** API and ABI modifications:
%DISABLE_SAFE_RENEGOTIATION: Added to priority strings (do not use).
%INITIAL_SAFE_RENEGOTIATION: Added to priority strings.
%UNSAFE_RENEGOTIATION: Added to priority strings.
GNUTLS_DIG_SHA224: ADDED.
GNUTLS_E_CRYPTODEV_DEVICE_ERROR: ADDED.
GNUTLS_E_CRYPTODEV_IOCTL_ERROR: ADDED.
GNUTLS_E_SAFE_RENEGOTIATION_FAILED: ADDED.
GNUTLS_E_UNKNOWN_SRP_USERNAME: ADDED.
GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED: ADDED.
GNUTLS_MAC_SHA224: ADDED.
GNUTLS_OID_X520_NAME: ADDED.
GNUTLS_OID_X520_POSTALCODE: ADDED.
GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: ADDED.
GNUTLS_VERSION_MAX: ADDED.
gnutls_certificate_set_verify_function: ADDED.
gnutls_cipher_decrypt: ADDED.
gnutls_cipher_deinit: ADDED.
gnutls_cipher_encrypt: ADDED.
gnutls_cipher_get_block_size: ADDED.
gnutls_cipher_init: ADDED.
gnutls_hash_deinit: ADDED.
gnutls_hash_fast: ADDED.
gnutls_hash_get_len: ADDED.
gnutls_hash_init: ADDED.
gnutls_hash_output: ADDED.
gnutls_hmac_deinit: ADDED.
gnutls_hmac_fast: ADDED.
gnutls_hmac_get_len: ADDED.
gnutls_hmac_init: ADDED.
gnutls_hmac_output: ADDED.
gnutls_safe_negotiation_set_initial: ADDED.
gnutls_safe_renegotiation_set: ADDED.
gnutls_safe_renegotiation_status: ADDED.
* Version 2.9.9 (released 2009-11-09)
** libgnutls: Cleanups and several bug fixes.
Found by Steve Grubb and Tomas Mraz.
** Link libgcrypt explicitly to certtool, gnutls-cli, gnutls-serv.
** Fix --disable-valgrind-tests.
Reported by Ingmar Vanhassel in
<https://savannah.gnu.org/support/?107029>.
** API and ABI modifications:
No changes since last version.
* Version 2.9.8 (released 2009-11-05)
** libgnutls: Fix for memory leaks on interrupted handshake.
Reported by Tang Tong.
** libgnutls: Addition of support for TLS 1.2 signature algorithms
extension and certificate verify field.
This requires changes for TLS 1.2 servers and clients that use
callbacks for certificate retrieval. They are now required to check
with gnutls_sign_algorithm_get_requested() whether the certificate
they send complies with the peer's preferences in signature
** libgnutls: In server side when resuming a session do not overwrite the
initial session data with the resumed session data.
** libgnutls: Added support for AES-128, AES-192 and AES-256 in PKCS #8
This affects also PKCS #12 encoded files. This adds the following new
enums: GNUTLS_CIPHER_AES_192_CBC, GNUTLS_PKCS_USE_PBES2_AES_128,
GNUTLS_PKCS_USE_PBES2_AES_192, GNUTLS_PKCS_USE_PBES2_AES_256.
** libgnutls: Fix PKCS#12 encoding.
The error you would get was "The OID is not supported." Problem
introduced for the v2.8.x branch in 2.7.6.
** certtool: Added the --pkcs-cipher option.
To explicitly specify the encryption algorithm to use.
** tests: Added "pkcs12_encode" self-test to check PKCS#12 functions.
** tests: Fix time bomb in chainverify self-test.
Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>.
** tests: Fix expired cert in chainverify self-test.
** i18n: Vietnamese translation updated.
Thanks to Clytie Siddall.
** API and ABI modifications:
GNUTLS_CIPHER_AES_192_CBC: ADDED to gnutls/gnutls.h.
GNUTLS_PKCS_USE_PBES2_AES_128: ADDED to gnutls/x509.h.
GNUTLS_PKCS_USE_PBES2_AES_192: ADDED to gnutls/x509.h.
GNUTLS_PKCS_USE_PBES2_AES_256: ADDED to gnutls/x509.h.
GNUTLS_BAG_SECRET: ADDED to gnutls/pkcs12.h.
GNUTLS_DIG_UNKNOWN: ADDED to gnutls/gnutls.h.
gnutls_sign_algorithm_get_requested: ADDED.
* Version 2.9.7 (released 2009-10-06)
** libgnutls: TLS 1.2 server mode fixes.
Now interoperates against Opera. Contributed by Daiki Ueno.
** libgnutlsxx: Fix link problems.
Tiny patch from Boyan Kasarov <bkasarov@gmail.com>.
** guile: Compatibility with guile 2.x.
By Ludovic Courtes <ludovic.courtes@laas.fr>.
** API and ABI modifications:
No changes since last version.
* Version 2.9.6 (released 2009-09-22)
** libgnutls: Enable Camellia ciphers by default.
** API and ABI modifications:
No changes since last version.
* Version 2.9.5 (released 2009-09-10)
** libgnutls: Add new functions to extract X.509 Issuer Alternative Names.
The new functions are gnutls_x509_crt_get_issuer_alt_name2,
gnutls_x509_crt_get_issuer_alt_name, and
gnutls_x509_crt_get_issuer_alt_othername_oid. Contributed by Brad
Hards <bradh@frogmouth.net>.
** API and ABI modifications:
gnutls_x509_crt_get_issuer_alt_name2: ADDED.
gnutls_x509_crt_get_issuer_alt_name: ADDED.
gnutls_x509_crt_get_issuer_alt_othername_oid: ADDED.
* Version 2.9.4 (released 2009-09-03)
** libgnutls: Client-side TLS 1.2 and SHA-256 ciphersuites now work.
The new supported ciphersuites are AES-128/256 in CBC mode with
ANON-DH/RSA/DHE-DSS/DHE-RSA. Contributed by Daiki Ueno. Further,
SHA-256 is now the preferred default MAC (however it is only used with
** libgnutls: Make OpenPGP hostname checking work again.
The patch to resolve the X.509 CN/SAN issue accidentally broke
OpenPGP hostname comparison.
** libgnutls: When printing X.509 certificates, handle XMPP SANs better.
Reported by Howard Chu <hyc@symas.com> in
<https://savannah.gnu.org/support/?106975>.
** Fix use of deprecated types internally.
Use of deprecated types in GnuTLS from now on will lead to a compile
error, to prevent this from happening again.
** API and ABI modifications:
No changes since last version.
* Version 2.9.3 (released 2009-08-19)
** libgnutls: Support for TLS tickets was contributed by Daiki Ueno.
The new APIs are gnutls_session_ticket_enable_client,
gnutls_session_ticket_enable_server, and
gnutls_session_ticket_key_generate.
** gnutls-cli, gnutls-serv: New parameter --noticket to disable TLS tickets.
** API and ABI modifications:
gnutls_session_ticket_key_generate: ADDED.
gnutls_session_ticket_enable_client: ADDED.
gnutls_session_ticket_enable_server: ADDED.
* Version 2.9.2 (released 2009-08-14)
** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields.
By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS
into 1) not printing the entire CN/SAN field value when printing a
certificate and 2) cause incorrect positive matches when matching a
hostname against a certificate. Some CAs apparently have poor
checking of CN/SAN values and issue these (arguably invalid)
certificates. Combined, this can be used by attackers to become a
MITM on server-authenticated TLS sessions. The problem is mitigated
since attackers need to get one certificate per site they want to
attack, and the attacker reveals his tracks by applying for a
certificate at the CA. It does not apply to client authenticated TLS
sessions. Research presented independently by Dan Kaminsky and Moxie
Marlinspike at BlackHat09. Thanks to Tomas Hoger <thoger@redhat.com>
for providing one part of the patch. [GNUTLS-SA-2009-4] [CVE-2009-2730].
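As an added illustration of the NUL-byte issue above (example code, not GnuTLS's own): a DER-decoded name carries an explicit length, so comparing it as a C string stops at the first NUL, while the hardened check rejects embedded NULs and compares the full length. The `cert_name` struct and the sample name bytes are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A name as DER decoding yields it: explicit length, not NUL-terminated.
 * (Type constructed for this example, not a GnuTLS type.) */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Vulnerable form: copies the name into a C string, so the comparison
 * silently stops at the first NUL byte inside the DER value. */
bool hostname_matches_naive(const struct cert_name *n, const char *host)
{
    char buf[256];
    size_t copy = n->len < sizeof buf - 1 ? n->len : sizeof buf - 1;
    memcpy(buf, n->data, copy);
    buf[copy] = '\0';
    return strcmp(buf, host) == 0;
}

/* Hardened form: refuse any name containing an embedded NUL, require the
 * DER length to equal the hostname length, then compare every byte
 * (ASCII case-insensitively, as DNS names are). */
bool hostname_matches_safe(const struct cert_name *n, const char *host)
{
    size_t hlen = strlen(host);
    if (memchr(n->data, '\0', n->len) != NULL)
        return false;           /* embedded NUL: treat the name as invalid */
    if (n->len != hlen)
        return false;
    for (size_t i = 0; i < n->len; i++) {
        unsigned char a = n->data[i], b = (unsigned char)host[i];
        if (a >= 'A' && a <= 'Z') a += 'a' - 'A';
        if (b >= 'A' && b <= 'Z') b += 'a' - 'A';
        if (a != b)
            return false;
    }
    return true;
}

/* Constructed samples: one CN whose DER value embeds a NUL right after the
 * victim hostname (a C-string comparison sees only "www.bank.example"),
 * and one honest CN. sizeof - 1 drops the literal's terminating NUL. */
static const unsigned char crafted[] = "www.bank.example\0.other.example";
static const struct cert_name crafted_cn = { crafted, sizeof crafted - 1 };
static const unsigned char honest[] = "www.bank.example";
static const struct cert_name honest_cn = { honest, sizeof honest - 1 };

int main(void)
{
    printf("naive, crafted CN: %d\n", hostname_matches_naive(&crafted_cn, "www.bank.example"));
    printf("safe,  crafted CN: %d\n", hostname_matches_safe(&crafted_cn, "www.bank.example"));
    printf("safe,  honest CN:  %d\n", hostname_matches_safe(&honest_cn, "WWW.Bank.Example"));
    return 0;
}
```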
** libgnutls: Fix rare failure in gnutls_x509_crt_import.
The function may fail incorrectly when an earlier certificate was
imported to the same gnutls_x509_crt_t structure.
** minitasn1: Internal copy updated to libtasn1 v2.3.
** libgnutls: Fix return value of gnutls_certificate_client_get_request_status.
Before it always returned false. Reported by Peter Hendrickson
<pdh@wiredyne.com> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>.
** libgnutls: Fix off-by-one size computation error in unknown DN printing.
The error resulted in truncated strings when printing unknown OIDs in
X.509 certificate DNs. Reported by Tim Kosse
<tim.kosse@filezilla-project.org> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>.
** libgnutls: Fix PKCS#12 decryption from password.
The encryption key derived from the password was incorrect for (on
average) 1 in every 128 random inputs. Reported by "Kukosa,
Tomas" <tomas.kukosa@siemens-enterprise.com> in
<http://permalink.gmane.org/gmane.network.gnutls.general/1663>.
** libgnutls: Return correct bit lengths of some MPIs.
gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and
gnutls_dh_get_peers_public_bits. Before, the reported value was
overestimated. Reported by Peter Hendrickson <pdh@wiredyne.com> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>.
** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN.
Report and patch by Tim Kosse <tim.kosse@filezilla-project.org> in
<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3671>
<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3670>.
** libgnutls: Relax checking of required libtasn1/libgcrypt versions.
Before, we required that the runtime library used the same (or more
recent) libgcrypt/libtasn1 as it was compiled with. Now we just check
that the runtime usage is above the minimum required. Reported by
Marco d'Itri <md@linux.it> via Andreas Metzler
<ametzler@downhill.at.eu.org> in <http://bugs.debian.org/540449>.
** tests: Added new self-test pkcs12_s2k_pem to detect MPI bit length error.
** tests: Improved test vectors in self-test pkcs12_s2k.
** tests: Added new self-test dn2 to detect off-by-one size error.
** tests: Fix failure in "chainverify" because a certificate had expired.
** API and ABI modifications:
No changes since last version.
* Version 2.9.1 (released 2009-06-08)
** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle.
Forwarded by Martin von Gagern <Martin.vGagern@gmx.net> from
<http://bugs.gentoo.org/272388>.
** tests: Added new self-test init_roundtrip.c to detect the previous problem.
** Reduce stack usage for some CRQ functions.
** Doc fixes for CRQ functions.
** API and ABI modifications:
No changes since last version.
* Version 2.9.0 (released 2009-05-28)
** API and ABI modifications:
No changes since last version.
* Version 2.8.6 (released 2010-03-15)
** libgnutls: For CSRs, don't null pad integers for RSA/DSA value.